Message-ID: <40686785.7020002@fillmore-labs.com>
Date: Mon, 29 Mar 2004 20:14:29 +0200
From: Oliver Eikemeier
Organization: Fillmore Labs GmbH - http://www.fillmore-labs.com/
To: "Jacques A. Vidrine"
Cc: cvs-ports@FreeBSD.org, ports-committers@FreeBSD.org, cvs-all@FreeBSD.org, Oliver Eikemeier
Subject: Re: cvs commit: ports/multimedia/xine Makefile
References: <200403282344.i2SNi6Hq047722@repoman.freebsd.org> <20040329163309.GA81526@madman.celabo.org>
In-Reply-To: <20040329163309.GA81526@madman.celabo.org>

Jacques A. Vidrine wrote:

> On Sun, Mar 28, 2004 at 03:44:06PM -0800, Oliver Eikemeier wrote:
>
>>eik 2004/03/28 15:44:06 PST
>>
>> FreeBSD ports repository
>>
>> Modified files:
>> multimedia/xine Makefile
>> Log:
>> Mark forbidden due to an entry in the VuXML database. Don't
>> forget to add the version which fixes the issues there.
>
> FWIW:
>
> I didn't mark this port FORBIDDEN when I added the issue to the
> database because some issues are not very severe. For example, this
> issue has practically no impact on single user systems, and quite
> possibly no impact on any FreeBSD user anywhere. Marking the port
> FORBIDDEN in this case seems extreme.

It's in the official FreeBSD vulnerability database.

> I'd prefer to reserve FORBIDDEN for those cases where the ports
> present some danger. Those who want a more strict policy can use
> portaudit or similar, right?

I guess we have to add a severity tag then, to enable `soft' vulnerabilities.
I have an automated script that barks on unmarked vulnerabilities, and it
can't decide which vulnerability is `important'.

>> http://people.freebsd.org/~eik/portaudit/fde53204-7ea6-11d8-9645-0020ed76ef5a.html
>
> By the way, I'd appreciate it if you'd point to the VuXML site instead
> (the URLs are `permanent').
>
> http://vuxml.freebsd.org/
> http://vuxml.freebsd.org/fde53204-7ea6-11d8-9645-0020ed76ef5a.html

These are generated by the same script that generates the portaudit database,
so they will never go out of sync.

Oliver